Beispiel #1
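def test_sanity_csp(debug):
    """
    Check when the CSP sanity warning about Persona is logged.

    If DEBUG == True, the django-csp middleware is present, and Persona isn't
    allowed by CSP, a debug message warning about it is expected. ``debug`` is
    the mock standing in for that debug logger; presumably it is injected by a
    patch decorator that is not part of this listing.

    The original body wrote ``debug.called = <bool>`` after each request,
    which overwrites the mock's flag instead of checking it, so the test
    could never fail. Each case now asserts the flag.
    """
    # NOTE(review): nothing here sets DEBUG or installs the django-csp
    # middleware; the two "warning expected" cases rely on the surrounding
    # test settings for that - confirm.

    # Test if allowed properly: script-src and frame-src both list Persona.
    with patch_settings(CSP_DEFAULT_SRC=[],
                        CSP_SCRIPT_SRC=['https://login.persona.org'],
                        CSP_FRAME_SRC=['https://login.persona.org']):
        verify('post', assertion='asdf')
        assert not debug.called
    debug.reset_mock()

    # Test fallback to default-src: the specific directives are empty, so the
    # default-src entry is what allows Persona.
    with patch_settings(CSP_DEFAULT_SRC=['https://login.persona.org'],
                        CSP_SCRIPT_SRC=[],
                        CSP_FRAME_SRC=[]):
        verify('post', assertion='asdf')
        assert not debug.called
    debug.reset_mock()

    # Test incorrect csp: Persona is allowed nowhere, the warning must fire.
    with patch_settings(CSP_DEFAULT_SRC=[],
                        CSP_SCRIPT_SRC=[],
                        CSP_FRAME_SRC=[]):
        verify('post', assertion='asdf')
        assert debug.called
    debug.reset_mock()

    # Test partial incorrectness: script-src allows Persona but frame-src
    # (and default-src) do not, which must still produce the warning.
    with patch_settings(CSP_DEFAULT_SRC=[],
                        CSP_SCRIPT_SRC=['https://login.persona.org'],
                        CSP_FRAME_SRC=[]):
        verify('post', assertion='asdf')
        assert debug.called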
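def test_sanity_csp(debug):
    """
    Check when the CSP sanity warning about Persona is logged.

    If DEBUG == True, the django-csp middleware is present, and Persona isn't
    allowed by CSP, a debug message warning about it is expected. ``debug`` is
    the mock for that debug logger (presumably supplied by a patch decorator
    outside this listing).

    The previous body assigned to ``debug.called`` instead of asserting on
    it, so no CSP configuration could make the test fail; every case below
    now checks the flag.
    """
    persona = 'https://login.persona.org'
    # (label, default-src, script-src, frame-src, warning expected)
    cases = (
        ('allowed properly', [], [persona], [persona], False),
        ('fallback to default-src', [persona], [], [], False),
        ('incorrect csp', [], [], [], True),
        # script-src alone is not enough: frame-src must allow Persona too.
        ('partial incorrectness', [], [persona], [], True),
    )

    # NOTE(review): DEBUG and the django-csp middleware are not configured
    # here; the "warning expected" cases depend on the surrounding test
    # settings - confirm.
    for label, default_src, script_src, frame_src, expect_warning in cases:
        with patch_settings(CSP_DEFAULT_SRC=default_src,
                            CSP_SCRIPT_SRC=script_src,
                            CSP_FRAME_SRC=frame_src):
            verify('post', assertion='asdf')
            assert debug.called == expect_warning, label
        # Clear the call record so one case cannot satisfy the next.
        debug.reset_mock()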
def verify(request_type, success_url=None, failure_url=None, **kwargs):
    """
    Run a request for /browserid/verify through the Verify view.

    ``request_type`` of 'get' builds a GET request; anything else builds a
    POST. All remaining keyword arguments become the GET or POST parameters.
    ``success_url`` and ``failure_url``, when given, override
    LOGIN_REDIRECT_URL and LOGIN_REDIRECT_URL_FAILURE for the call. Returns
    the view's response.
    """
    build_request = factory.get if request_type == 'get' else factory.post
    request = build_request('/browserid/verify', kwargs)

    # Settings to override before the views module is re-imported.
    overrides = {'BROWSERID_CREATE_USER': True, 'SITE_URL': 'http://testserver'}
    optional_redirects = (
        ('LOGIN_REDIRECT_URL', success_url),
        ('LOGIN_REDIRECT_URL_FAILURE', failure_url),
    )
    for setting_name, url in optional_redirects:
        if url is not None:
            overrides[setting_name] = url

    # The views module has to be reloaded for the overridden settings to take
    # effect. auth.login is replaced by a mock while the view runs, so the
    # view's login call is not actually executed.
    # NOTE(review): the view callable is invoked directly on the request, so
    # whatever the URL/middleware stack would add is not exercised here.
    with patch_settings(**overrides):
        reload(views)
        view = views.Verify.as_view()
        with patch.object(auth, 'login'):
            return view(request)
Beispiel #4
def verify(request_type, success_url=None, failure_url=None, **kwargs):
    """
    Invoke the verify view and hand back its response.

    A 'get' ``request_type`` sends the extra keyword arguments as GET
    parameters; any other value sends them as POST data. ``success_url`` and
    ``failure_url`` optionally replace the login redirect settings for the
    duration of the call.
    """
    target = '/browserid/verify'
    if request_type != 'get':
        req = factory.post(target, kwargs)
    else:
        req = factory.get(target, kwargs)

    # Collect the setting overrides before views is imported again.
    setting_patches = dict(BROWSERID_CREATE_USER=True,
                           SITE_URL='http://testserver')
    if success_url is not None:
        setting_patches['LOGIN_REDIRECT_URL'] = success_url
    if failure_url is not None:
        setting_patches['LOGIN_REDIRECT_URL_FAILURE'] = failure_url

    # views must be reloaded for the setting changes to take effect.
    with patch_settings(**setting_patches):
        reload(views)
        view_callable = views.Verify.as_view()
        # auth.login is mocked out, so the view's login call does nothing
        # real while the request is handled.
        with patch.object(auth, 'login'):
            result = view_callable(req)

    return result
Beispiel #5
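    def test_override_verify_class(self):
        """BROWSERID_VERIFY_CLASS selects the view that /login/ resolves to."""
        path = 'django_browserid.tests.test_urls.MyVerifyClass'
        try:
            # Reload so that the settings.BROWSERID_VERIFY_CLASS takes effect.
            with patch_settings(BROWSERID_VERIFY_CLASS=path):
                reload(urls)

            view = resolve('/login/', urls).func
            self.assertEqual(view, MyVerifyClass.as_view())
        finally:
            # Reset urls back to normal. Done in ``finally`` so that a failed
            # lookup or assertion cannot leave the overridden verify class
            # routed at /login/ for tests that run afterwards.
            reload(urls)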